[ISN] Linux Advisory Watch - September 29th 2004

InfoSec News isn at c4i.org
Mon Nov 1 03:52:48 EST 2004


+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  October 29th, 2004                           Volume 5, Number 43a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave at linuxsecurity.com          ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for mozilla, zlib, kernel, glib2,
MySQL, Gaim, MIT, Netatalk, socat, mpg123, rssh, xpdf, gpdf, cups,
kdegraphics, squid, and libtiff.  The distributors include Conectiva,
Fedora, Gentoo, Mandrake, Red Hat, Slackware, and SuSE.


Developing A Security Policy

Create a simple, generic policy for your system that your users can
readily understand and follow.  It should protect the data you're
safeguarding, as well as the privacy of the users.  Some things to
consider adding are who has access to the system (Can my friend use my
account?), who's allowed to install software on the system, who owns what
data, disaster recovery, and appropriate use of the system.

A generally accepted security policy starts with the phrase: "That which
is not expressly permitted is prohibited."

This means that unless you grant access to a service for a user, that user
shouldn't be using that service until you do grant access. Make sure the
policies work on your regular user account. Saying, ``Ah, I can't figure
this permissions problem out, I'll just do it as root'' can lead to
security holes that are very obvious, and even ones that haven't been
exploited yet.

Additionally, there are several questions you will need to answer to
successfully develop a security policy:

 What level of security do your users expect?
 How much is there to protect, and what is it worth?
 Can you afford the down-time of an intrusion?
 Should there be different levels of security for different groups?
 Do you trust your internal users?
 Have you found the balance between acceptable risk and secure?

You should develop a plan on who to contact when there is a security
problem that needs attention.

There are quite a few documents available on developing a Site Security
Policy.  You can start with the SANS Security Policy Project.

  http://www.sans.org/resources/policies/


Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html

Written by: Dave Wreski (dave at guardiandigital.com)

------


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 10/22/2004 - mozilla
   upstream fix

   This announcement updates mozilla packages for Conectiva Linux 9
   and 10 to mozilla version 1.7.3. This update fixes lots of
   vulnerabilities.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-5004.html

 10/25/2004 - zlib
   denial of service vulnerabilities fix

   Due to a Debian bug report[3], a denial of service
   vulnerability[4] was discovered in the zlib compression library
   versions 1.2.x, in the inflate() and inflateBack() functions.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-5020.html

 10/26/2004 - kernel
   vulnerabilities fix

   This announcement fixes a vulnerability in the Linux kernel which
   could allow a local attacker to obtain sensitive information due
   to an issue when handling 64-bit file offset pointers.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-5024.html

 10/27/2004 - foomatic-filters vulnerability
   vulnerabilities fix

   The foomatic-rip filter in foomatic-filters contains a
   vulnerability[2][3] caused by insufficient checking of
   command-line parameters and environment variables which may allow
   arbitrary remote command execution on the print server with the
   permissions of the spooler user ("lp").
   http://www.linuxsecurity.com/advisories/conectiva_advisory-5029.html


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 10/26/2004 - cups-1.1.20-11.6 update
   vulnerabilities fix

   A problem with PDF handling was discovered by Chris Evans, and has
   been fixed.  The Common Vulnerabilities and Exposures project
   (www.mitre.org) has assigned the name CAN-2004-0888 to this issue.
   http://www.linuxsecurity.com/advisories/fedora_advisory-5023.html

 10/27/2004 - glib2 and gtk2
   md5sums update

   The md5sums of the glib2-2.4.7-1.1 and gtk2-2.4.13-2.1 updates
   don't match the ones in the announcements I sent out.
   http://www.linuxsecurity.com/advisories/fedora_advisory-5026.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 10/24/2004 - MySQL
   Multiple vulnerabilities

   Several vulnerabilities including privilege abuse, Denial of
   Service, and potentially remote arbitrary code execution have been
   discovered in MySQL.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-5013.html

 10/24/2004 - Gaim
   Multiple vulnerabilities

   Multiple vulnerabilities have been found in Gaim which could allow
   a remote attacker to crash the application, or possibly execute
   arbitrary code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-5014.html

 10/25/2004 - MIT krb5
   Insecure temporary file use in send-pr.sh

   The send-pr.sh script, included in the mit-krb5 package, is
   vulnerable to symlink attacks, potentially allowing a local user
   to overwrite arbitrary files with the rights of the user running
   the utility.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-5016.html

 10/25/2004 - Netatalk
   Insecure tempfile handling in etc2ps.sh

   The etc2ps.sh script, included in the Netatalk package, is
   vulnerable to symlink attacks, potentially allowing a local user
   to overwrite arbitrary files with the rights of the user running
   the utility.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-5017.html

 10/25/2004 - socat
   Format string vulnerability

   socat contains a format string vulnerability that can potentially
   lead to remote or local execution of arbitrary code with the
   privileges of the socat process.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-5018.html

 10/27/2004 - mpg123
   Buffer overflow vulnerabilities

   Buffer overflow vulnerabilities have been found in mpg123 which
   could lead to execution of arbitrary code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-5025.html

 10/27/2004 - rssh
   Format string vulnerability

   rssh is vulnerable to a format string vulnerability that allows
   arbitrary execution of code with the rights of the connected user,
   thereby bypassing rssh restrictions.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-5027.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 10/22/2004 - xpdf
   vulnerabilities fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package which can result in DoS or possibly arbitrary code
   execution.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5000.html

 10/22/2004 - gpdf
   DoS vulnerability fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package, which also affect software using embedded xpdf code, such
   as gpdf.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5001.html

 10/22/2004 - cups
   DoS vulnerabilities fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package, which also affect software using embedded xpdf code.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5002.html

 10/22/2004 - kdegraphics
   DoS vulnerability fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package, which also affect software using embedded xpdf code, such
   as kpdf.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5003.html

 10/22/2004 - squid
   SNMP processing vulnerability fix

   iDEFENSE discovered a Denial of Service vulnerability in squid
   version 2.5.STABLE6 and previous.  The problem is due to an ASN1
   parsing error where certain header length combinations can slip
   through the validations performed by the ASN1 parser, leading to
   the server assuming there is heap corruption or some other
   exceptional condition, and closing all current connections then
   restarting.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5007.html

 10/22/2004 - gpdf
   DoS vulnerability fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package, which also affect software using embedded xpdf code.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5008.html

 10/22/2004 - kdegraphics
   DoS vulnerability fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package, which also affect software using embedded xpdf code.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5009.html

 10/22/2004 - CUPS
   DoS vulnerabilities fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package, which also affect software using embedded xpdf code.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5010.html

 10/22/2004 - xpdf
   vulnerabilities fix

   Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as
   well as programs like cups which have embedded versions of xpdf.
   These can result in writing an arbitrary byte to an
   attacker-controlled location which probably could lead to
   arbitrary code execution.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5011.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 10/22/2004 - CUPS
   security issues fix

   Updated cups packages that fix denial of service issues, a
   security information leak, as well as other various bugs are now
   available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-5005.html

 10/22/2004 - libtiff
   update

   Updated libtiff packages that fix various buffer and integer
   overflows are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-5006.html

 10/27/2004 - mysql-server update
   update

   An updated mysql-server package that fixes various security issues
   is now available in the Red Hat Enterprise Linux 3 Extras channel
   of Red Hat Network.
   http://www.linuxsecurity.com/advisories/redhat_advisory-5030.html

 10/27/2004 - xchat
   SOCKSv5 proxy security issue fix

   An updated xchat package that fixes a stack buffer overflow in the
   SOCKSv5 proxy code is now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-5031.html

 10/27/2004 - xpdf
   security flaws fix

   An updated xpdf package that fixes a number of integer overflow
   security flaws is now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-5032.html


+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 10/22/2004 - Gaim
   buffer overflow

   A buffer overflow in the MSN protocol handler for GAIM 0.79 to
   1.0.1 allows remote attackers to cause a denial of service
   (application crash) and may allow the execution of arbitrary code.
   http://www.linuxsecurity.com/advisories/slackware_advisory-5015.html

 10/26/2004 - apache, mod_ssl, php security issues fix
   buffer overflow

   New apache and mod_ssl packages are available for Slackware 8.1,
   9.0, 9.1, 10.0, and -current to fix security issues.
   http://www.linuxsecurity.com/advisories/slackware_advisory-5021.html


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 10/22/2004 - libtiff
   security vulnerability fix

   Chris Evans found several security related problems during an
   audit of the image handling library libtiff, some related to
   buffer overflows, some related to integer overflows and similar.
   http://www.linuxsecurity.com/advisories/suse_advisory-5012.html

 10/26/2004 - xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups
   security vulnerability fix

   Chris Evans found several integer overflows and arithmetic errors.
   Additionally Sebastian Krahmer from the SuSE Security-Team found
   similar bugs in xpdf 3.
   http://www.linuxsecurity.com/advisories/suse_advisory-5019.html

 10/26/2004 - xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups
   remote system compromise security vulnerability fix

   Chris Evans found several integer overflows and arithmetic errors.
   Additionally Sebastian Krahmer from the SuSE Security-Team found
   similar bugs in xpdf 3.
   http://www.linuxsecurity.com/advisories/suse_advisory-5022.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------




